[jboss-jira] [JBoss JIRA] (WFCORE-1874) HTTP2 / ALPN does not work when using wildfly-openssl

Stuart Douglas (JIRA) issues at jboss.org
Tue Oct 18 16:37:00 EDT 2016 

     [ https://issues.jboss.org/browse/WFCORE-1874?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stuart Douglas moved WFLY-7344 to WFCORE-1874:
----------------------------------------------

        Project: WildFly Core  (was: WildFly)
            Key: WFCORE-1874  (was: WFLY-7344)
    Component/s: Security
                 Server
                     (was: Security)
                     (was: Server)


> HTTP2 / ALPN does not work when using wildfly-openssl
> -----------------------------------------------------
>
>                 Key: WFCORE-1874
>                 URL: https://issues.jboss.org/browse/WFCORE-1874
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security, Server
>            Reporter: Stuart Douglas
>            Assignee: Stuart Douglas
>              Labels: wildfly-openssl
>
> wildfly-openssl version used: {{1.0.0.Alpha1}}.
> I have a problem to use HTTP2 on EAP when using OpenSSL implementation based on the wildfly-openssl project. When I use standard 'TLS' protocol, HTTP2 works just fine (using Chrome as a client). But when I switch to 'openssl.TLS', client uses HTTP/1.1 and never upgrade to HTTP2.
> What I do:
> # start EAP
> # perform request to: https://localhost:8443   ----- HTTP2 is used here
> # {{/core-service=management/security-realm=ApplicationRealm/server-identity=ssl:write-attribute(name=protocol,value=openssl.TLS)}}
> # reload
> # perform request to: https://localhost:8443   ----- HTTP/1.1 is used here
> I tried to check in Wireshark. When I compared Client and Server Hello packets, I can see that in both cases the Client Hello packets contains TLS ALPN extension part with offered protocols h2 and http/1.1. Although Server Hello packets differs. When 'TLS' is used, then Server Hello packet contains ALPN extension with chosen protocol of 'h2'. But when 'openssl.TLS' is used, I can see that appropriate Server Hello packet does not contain ALPN extension part at all, which I presume leads that HTTP/1.1 protocol is used for further communication.
> Not sure whether it is related somehow, I can also see that different types of ciphers are used - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 in case of 'TLS' and TLS_RSA_WITH_AES_128_GCM_SHA256 in case of 'openssl.TLS'.
> My openssl version is: {{1.0.2j-fips}}
> Not sure whether there must be performed some extra configuration to make HTTP2/ALPN work when using openssl implementation.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list